ransomwarefandomcom-20200214-history
BTCamant Ransomware
BTCamant Ransomware Overview The BTCaramnt ransomware is a malware that is under investigation by the security community. The name of the virus comes from the "Mission Impossible" movie. According to the available information the BTCamant ransomware is based on the Radamant ransomware which was uncovered in December 2015. Upon infection it follows the usual behavior by encrypting target user files and demanding a ransom fee of 0.5 Bitcoins. In addition we assume that the virus also deletes the Shadow Volume Copies of the infected host as well. The .BTC extension is used to rename the affected files. BTCamant Ransomware Affected File Types 1cd, dbf, dt, cf, cfu, mxl, epf, kdbx, erf, vrp, grs, geo, st, pff, mft, efd, 3dm, 3ds, rib, ma, sldasm, sldprt, max, blend, Iwo, lws, mad, mb, obj, x, x3d, movie.byu, c4d, fbx, dgn, dwg, 4db, 4d1, 4mp, abs, accdb, accdc, accd e, accdr, accdt, accdw, accft, adn, aid, adp, aft, and, alf, ask, awdb, azz, bdb, bib, bnd, bok, btr, bak, backu p, cdb, ckp, clkw, cma, crd, daconnections, dacpac, dad, dadiagrams, daf, daschema, db, db-shm, db-wal, db2, db 3, dbc, dbk, dbs, dbt, dbv, dbx, dcb, dct, dcx, ddl, df1, dmo, dnc, dpl, dqy, dsk, dsn, dta, dtsx, dxl, eco, ec x, edb, emd, eql, fcd, fdb, fic, fid, fil, fm5, fmp, fmp12, fmpsl, fol, fp3, fp4, fps, fp7, fpt, fpt, fzb, fzv, g db, gwi, hdb, his, ib, idc, ihx, itdb, itw, jtx, kdb, lgc, maq, mdb, mdbhtml, mdf, mdn, mdt, mrg, mud, mwb, s3m, myd, ndf, ns2, ns3, ns4, nsf, nsf, nv2, nyf, oce, odb, oqy, ora, orx, owc, owg, oyx, p96, p97, pan, pdb, pdb, pd b, pdm, phm, pnz, pth, pwa, qpx, qry, qvd, rctd, rdb, rpd, rsd, sbf, sdb, sdb, sdb, sdf, spq, sqb, stp, sql, sqli te, sqlite3, sqlitedb, str, tcx, tdt, te, teacher, tmd, trm, udb, usr, v12, vdb, vpd, wdb, wmdb, xdb, xld, xlgc, zdb, zdc, cdr, cdr3, ppt, pptx, 1st, abw, act, aim, ans, apt, asc, ascii, ase, aty, awp, awt, aww, bad, bbs, bd p, bdr, bean, bib, bna, boc, btd, bzabw, chart, chord, cnm, crd, crwl, cyi, dca, dgs, diz, dne, doc, doc, docm, d ocx, docxml, docz, dot, dotm, dotx, dsv, dvi, dx, eio, eit, email, emlx, epp, err, err, etf, etx, euc, fadein, fa q, fb2, fbl, fcf, fdf, fdr, fds, fdt, fdx, fdxt, fes, fft, flr, fodt, fountain, gtp, frt, fwdn, fxc, gdoc, gio, g io, gpn, gsd, gthr, gv, hbk, hht, hs, htc, hwp, hz, idx, iii, ipf, jarvis, jis, joe, jp1, jrtf, kes, klg, klg, kn t, kon, kwd, latex, lbt, lis, lit, Int, 1p2, lrc, 1st, 1st, ltr, ltx, lue, luf, lwp, lxfml, lyt, lyx, man, map, m box, md5txt, me, mell, min, mnt, msg, mwp, nfo, njx, notes, now, nwctxt, nzb, ocr, odm, odo, odt, ofl, oft, openb sd, ort, ott, p7s, pages, pfs, pfx, pjt, plantuml, prt, psw, pu, pvj, pvm, pwi, pwr, qdl, rad, readme, rft, ris, rng, rpt, rst, rt, rtd, rtf, rtx, run, rzk, rzn, saf, safetext, sam, scc, scm, scriv, scrivx, sct, scw, sdm, sdo c, sdw, sgm, sig, skcard, sla, slagz, sls, smf, sms, ssa, strings, stw, sty, sub, sxg, sxw, tab, tdf, tdf, tex, t ext, thp, tlb, tm, tmd, tmv, tmx, tpc, trelby, tvj, txt, u3d, u3i, unauth, unx, uof, uot, upd, utf8, unity, utx t, vct, vnt, vw, wbk, wbk, wcf, webdoc, wgz, wn, wp, wp4, wps, wp6, wp7, wpa, wpd, wpd, wpl, wps, wps, wpt, wpw, wri, wsc, wsd, wsh, wtx, xbdoc, xbplate, xdl, xdl, xlf, xps, xwp, xwp, xwp, xy3, xyp, xyw, ybk, yml, zabw, zw, 2b p, 0,36, 3fr, 0,411, 73i, 8xi, 9png, abm, afx, agif, agp, aic, albm, apd, apm, apng, aps, apx, art, artwork, ar w, any, asw, avatar, bay, blkrt, bm2, bmp, bmx, bmz, brk, brn, brt, bss, bti, c4, cal, cals, can, cd5, cdc, cdg, cimg, cin, cit, colz, cpc, cpd, cpg, cps, cpx, cr2, ct, dc2, dcr, dds, dgt, dib, dicom, djv, djvu, dm3, dmi, vu e, dpx, wire, drz, dt2, dtw, dvl, ecw, eip, erf, exr, fal, fax, fil, fpos, fpx, g3, gcdp, gfb, gfie, ggr, gif, gi h, gim, gmbck, gmspr, spr, scad, gpd, gro, grob, hdp, hdr, hpi, i3d, icn, icon, icpr, iiq, info, int, ipx, itc2, iwi, j, j2c, j2k, jas, jb2, jbig, jbig2, jbmp, jbr, jfif, jia, jng, jp2, jpe, jpeg, jpg, jpg2, jps, jpx, jtf, jw 1 jxr, kdc, kdi, kdk, kic, kpg, lbm, ljp, mac, mbm, mef, mnr, mos, mpf, mpo, mrxs, myl, ncr, nct, nlm, nrw, oc 3, oc4, oc5, oci, omf, oplc, aft, af3, ai, art, asy, cdmm, cdmt, cdmtz, cdmz, cdt, cgm, cmx, cnv, csy, cv5, cvg, cvi, cvs, cvx, cwt, cxf, dcs, ded, design, dhs, dpp, drw, drw, dxb, dxf, egc, emf, ep, eps, epsf, fh10, fh11, fh 3, fh4, fh5, fhb, fh7, fhb, fif, fig, fmv, ft10, ft11, ft7, ft8, ft9, ftn, fxg, gdraw, gem, glox, gsd, hpg, hpg 1, hpl, idea, igt, igx, imd, ink, lmk, mgcb, mgmf, mgmt, mt9, mgmx, mgtx, mmat, mat, otg, ovp, ovr, pcs, pfd, pf v, pl, plt, pm, vrml, pmg, pobj, ps, psid, rdl, scv, sk1, sk2, slddrt, snagitstamps, snagstyles, ssk, stn, svf, s vg, svgz, sxd, tic, tne, ufr, vbr, vec, vml, vsd, vsdm, vsdx, vstm, stm, vstx, wmf, wpg, vsm, vault, xar, xmind, xmmap, yal, orf, ota, oti, ozb, ozj, ort, pal, pano, pap, pbm, pct, pct, pc3, pcd, pcx, pdd, pdn, pe4, pe4, pef, pfi, pgf, pgm, pil, pi2, pi3, pic, pict, pix, pjpeg, pjpg, pm, pmg, png, pni, pnm, pntg, pop, pp4, pp5, ppm, pr w, psd, psdx, pse, psp, pspbrush, ptg, ptx, ptx, pvr, px, pxr, pz3, pza, pzp, pzs, z3d, qmg, ras, rcu, rgb, rgb, rgf, ric, riff, rix, rle, rli, rpf, rri, rs, rsb, rsr, rw2, rwl, s2mv, sai, sci, sct, sep, sfc, sfera, sfw, skm, sld, sob, spa, spe, sph, spj, spp, sr2, srw, ste, sumo, sva, save, ssfn, t2b, tb0, tbn, tex, tfc, tg4, thm, thum b, tif, tiff, tjp, tm2, tn, tpi, ufo, uga, usertile-ms, vda, vff, vpe, vst, wb1, wbc, wbd, wbm, wbmp, wbz, wdp, w ebp, wpb, wpe, wvl, x3f, y, ysp, zif, cdr4, cdr6, rtf, cdmw, jpeg, djvu, pdf, ddoc, css, pptm, raw, cpt, gif, jpe g, jpg, jpe, jp2, pcx, pdn, png, psd, tga, tiff, tif, hdp, xpm, ai, cdr, ps, svg, sai, wmf, emf, ani, apng, djv, flc, fb2, fb3, fli, mng, smil, svg, mobi, svf, html, xls, xlsx, csv, xlsm, ods, xhtm BTCamant Ransomware Note Hello! For getting back Your PC data You need to contact with us through email as soon as possible: sepas@protonmai1.com , sepast@protonmai1.com BTCamant Ransomware Distribution We assume that the ransomware uses the most popular distribution tactics such as spam email messages, infected software installers and etc. BTCamant Ransomware Removal In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.